Release date:
2026-07-09 09:52:54 UTC
Description:
* SECURITY UPDATE: improper neutralization of CRLF sequences via resolved
SMTP client host name used in auth_http and smtp proxy
- debian/patches/CVE-2026-28753.patch: validate that the host name
resolved from the client address contains only characters permitted
by RFC 1034 Section 3.5, rejecting it as [TEMPUNAVAIL] otherwise
- CVE-2026-28753
Updated packages:
-
nginx1.23_1.23.4-1~bookworm+tuxcare.els12_amd64.deb
sha:2103b1bc408c76425d48817307d0a6ac5f5a7e01
-
nginx1.23_1.23.4-1~bookworm+tuxcare.els12_arm64.deb
sha:14ebdbd98eefc7b768a955430f142e084cd96ba4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.